An anchor certificate will pre-validate domains for future EV certificate requests. All domains that require an EV certificate should be included in this request. If a domain is not listed in this request, you can still request an EV certificate; however, there will be a longer validation process which will require providing additional documentation to Comodo.
There is no requirement to create this EV anchor certificate; however, we suggest every organization follow this process for best practices. But please note there is only one EV anchor certificate that can be applied to each organization (school). This new process does not change the current certificate ordering process - it is simply to help make the EV ordering process more efficient. This will not generate an actual certificate that can be used.
- Login to CCM
- Navigate to the Certificates Tab and SSL Certificates Sub-tab
- Click the Add button to Add a new Certificate request
- Choose the Organization
- Choose Certificate Type Comodo EV Multi Domain SSL
- Choose Term Length 1 Year (Even though 2 years is an option please choose 1 year)
- Server Software does not matter in this case
- Upload or Copy and Paste CSR (a regular Certificate Signing Request)
Enter the Common Name (this can be any domain for which you need an EV cert)
In the SAN list enter all domains for which you will need an EV cert
Make sure to scroll to the bottom of the form and accept the agreement and click OK.
Note Regarding Domains
Note regarding domains: Please DO NOT include sub-domains in this certificate unless you are only authorized to order EV certificates for a particular sub-domain. The requirements for EV Enterprise RA laid out by the CA/B Forum allow unfettered issuance only of certificates at 3rd and higher domain levels from a fully validated, active EV SSL certificate. For example: Including example.com will allow you to obtain EV certs for sub1.example.com, sub2.example.com or sub1.sub2.sub3.example.com, BUT including www.example.com will only allow sub1.www.example.com, etc. Please note that only base domains are allowed (e.g. no wildcards such as *.domain.edu).
4. Once the request has been submitted, you must have another user approve the request to finalize it. Once the request is approved, you can retrieve the order number.
5. To find the order number in CCM, go to Certificates > SSL Certificates > locate the certificate applied for by the common name > select details. Under certificate details you will see the order number.
6. Open a ticket with Comodo firstname.lastname@example.org and request that an EV anchor cert be set for your account and give them the order number. Please note the validation team may contact you with a request for additional information to verify ownership and company identity. Turnaround time for this request is dependent upon completion of this paperwork.
This EV anchor will be valid for approximately 13 months. DCV expiration notifications will be sent out for this certificate just like any other certificate. The certificate can be renewed in CCM or another certificate ordered. However, the validation team will still need to be contacted with the new order number (a renewal will generate a new order number) and request to make it an anchor certificate.
The primary organizational (school) details will be set to match the details validated in the anchor cert order. If those details are changed it will require a new anchor certificate to be created and then validated.
*The departments under the primary organization (school) will NOT be allowed to have different details except for the Department Name. The street address, city, state, postal code, and country will become uneditable.
For additional questions/concerns, please contact validation (which can be reached Monday thru Friday 7 am to 5 pm Eastern) at 888-256-2608 Option #2. (Option #3 will bring you to technical support for CCM process/procedure questions).